The Week in Application Security News: November 4–11, 2013

Nov 10, 2013 By Sarah Vonnegut

Before you get hit with the next flood of security news, catch up on the big stories that caught the AppSec community’s attention over the past week. From pre-Cyber Monday safety tips to the ground-breaking revelation that ‘12356’ is a really popular password to the untraceable Bitcoin robbery of $1.2M, we’ve got you covered.

  • The argument for two-step authentication was strengthened this week, first when Adobe suffered a staggering security breach of user login credentials and then a few days later when a new study discovered that on average, 15 out of 16 logins are, in fact, completed by automated and potentially malicious hacking tools. Only six percent of visitors were either actual humans or ‘benevolent bots’, like search engines.
  • Microsoft issued a security advisory and a temporary fix for a zero-day remote code execution vulnerability that could be exploited to install malware via targeted Word documents. Potentially affecting users of Office, Lync and Windows, the vulnerability involves specially crafted TIFF images, Microsoft said in a post. A permanent fix is expected in the December Security Update, but Microsoft users should be aware of the threat and take precautions.
  • A newly released study says that the data of over 16 million Americans was compromised in 2012 – and at least a quarter of them ended up suffering from fraudulent activity. Between credit/debit card numbers, Social Security numbers, online banking details and bank account numbers, over four million Americans reported their data having been used by hackers. The report concluded with a recommendation for ongoing risk assessments, especially for the financial, healthcare, and retail industries.
  • A Ponemon Institute study revealed that an attack on the upcoming Cyber Monday (December 1st) could cost a large organization upwards of $3.4 million for just one hour of attack-related downtime, including losses of customer trust and brand damage. With 64% of organizations reporting an annual increase in attacks during the holiday season, it’s high time to take some preventative measures to secure your eCommerce site before the holidays hit.
  • And if you had confidence in the online exchange of Bitcoins, you may want to reconsider: last week, hackers got hold of 4,100 BTC, or around $1.3 million, from a site that deals in the online currency. Because of the elusiveness of Bitcoins online, it’s unlikely the hackers will ever be found. The site’s founder, known only as TradeFortress, doesn’t “recommend storing any Bitcoins accessible on computers connected to the Internet.”
Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.
